Use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.
Class OutboundProvisioningManager, method provision.
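/**
 * Outbound provisioning entry point: pushes the given entity to every outbound
 * provisioning connector configured for the service provider.
 *
 * <p>The thread pool created for the connectors is always shut down, including when the
 * method returns early from the connector loop or a connector throws; previously an early
 * return or an exception inside the loop skipped {@code executors.shutdown()} and leaked
 * the pool.
 *
 * @param provisioningEntity Provisioning entity (user or group) to be provisioned.
 * @param serviceProviderIdentifier Identifier of the service provider.
 * @param inboundClaimDialect Inbound claim dialect; when {@code null} the service provider's
 *                            own claim mappings are loaded and used for claim mapping.
 * @param spTenantDomainName Tenant domain of the service provider.
 * @param jitProvisioning Whether JIT provisioning is enabled.
 * @throws IdentityProvisioningException if the service provider or one of its identity
 *                                       providers cannot be resolved by name, or if an
 *                                       error occurs while provisioning.
 */
public void provision(ProvisioningEntity provisioningEntity, String serviceProviderIdentifier, String inboundClaimDialect, String spTenantDomainName, boolean jitProvisioning) throws IdentityProvisioningException {
    try {
        if (provisioningEntity.getEntityName() == null) {
            setProvisioningEntityName(provisioningEntity);
        }
        // Get details about the service provider. Any in-bound provisioning request via
        // the SOAP based API (or the management console) - or SCIM API with HTTP Basic
        // Authentication is considered as coming from the local service provider.
        ServiceProvider serviceProvider = ApplicationManagementService.getInstance().getServiceProvider(serviceProviderIdentifier, spTenantDomainName);
        if (serviceProvider == null) {
            throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderIdentifier);
        }
        // For SaaS apps the entity may belong to the caller's tenant rather than the SP's tenant.
        String provisioningEntityTenantDomainName = spTenantDomainName;
        if (serviceProvider.isSaasApp() && isUserTenantBasedOutboundProvisioningEnabled()) {
            provisioningEntityTenantDomainName = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        }
        // If we already know the inbound claim dialect we do not need the SP claim mappings.
        ClaimMapping[] spClaimMappings = null;
        if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
            spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
        }
        // Get all the provisioning connectors associated with the local service provider
        // for out-bound provisioning.
        // TODO: stop loading connectors all the time.
        Map<String, RuntimeProvisioningConfig> connectors = getOutboundProvisioningConnectors(serviceProvider, spTenantDomainName);
        if (MapUtils.isEmpty(connectors)) {
            // Nothing to provision to; this also avoids iterating a null map below.
            return;
        }
        ExecutorService executors = Executors.newFixedThreadPool(connectors.size());
        try {
            for (Entry<String, RuntimeProvisioningConfig> entry : connectors.entrySet()) {
                Entry<String, AbstractOutboundProvisioningConnector> connectorEntry = entry.getValue().getProvisioningConnectorEntry();
                AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
                String connectorType = connectorEntry.getKey();
                String idPName = entry.getKey();
                IdentityProvider provisioningIdp = IdentityProviderManager.getInstance().getIdPByName(idPName, spTenantDomainName);
                if (provisioningIdp == null) {
                    // The connector map references an identity provider that no longer resolves by name.
                    throw new IdentityProvisioningException("Invalid identity provider name : " + idPName);
                }
                // Fall back to the Carbon dialect when neither the connector nor the IdP names one.
                String outboundClaimDialect = connector.getClaimDialectUri();
                if (outboundClaimDialect == null && (provisioningIdp.getClaimConfig() == null || provisioningIdp.getClaimConfig().isLocalClaimDialect())) {
                    outboundClaimDialect = IdentityProvisioningConstants.WSO2_CARBON_DIALECT;
                }
                ClaimMapping[] idpClaimMappings = null;
                if (provisioningIdp.getClaimConfig() != null) {
                    idpClaimMappings = provisioningIdp.getClaimConfig().getClaimMappings();
                }
                // TODO: this should happen asynchronously in a different thread.
                // Map the inbound claims of the entity onto the outbound dialect of this IdP.
                Map<ClaimMapping, List<String>> mapppedClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, provisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                if (provisioningIdp.getPermissionAndRoleConfig() != null) {
                    // Update with mapped user groups.
                    updateProvisioningUserWithMappedRoles(provisioningEntity, provisioningIdp.getPermissionAndRoleConfig().getRoleMappings());
                }
                // Check whether we already have the provisioned identifier - if so it is set on
                // the outbound entity below.
                ProvisionedIdentifier provisionedIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, provisioningEntity, spTenantDomainName);
                boolean notYetProvisioned = provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null;
                ProvisioningOperation provisioningOp = provisioningEntity.getOperation();
                if (ProvisioningOperation.DELETE.equals(provisioningOp) && notYetProvisioned) {
                    // Nothing was ever provisioned to this IdP, so there is no outbound delete to send.
                    // NOTE(review): this exits the whole method and skips any remaining connectors;
                    // kept as in the original - the finally block still shuts the pool down.
                    return;
                }
                if (notYetProvisioned) {
                    // First time this entity reaches this IdP: it must be created, not updated.
                    provisioningOp = ProvisioningOperation.POST;
                }
                String[] provisionByRoleList = new String[0];
                if (provisioningIdp.getProvisioningRole() != null) {
                    provisionByRoleList = provisioningIdp.getProvisioningRole().trim().split("\\s*,[,\\s]*");
                }
                boolean isBlocking = entry.getValue().isBlocking();
                if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && Arrays.asList(provisionByRoleList).contains(provisioningEntity.getEntityName())) {
                    // The group itself is a provisioning role: provision its newly added members
                    // and de-provision its removed members as individual users.
                    Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
                    // Either attribute may be absent (e.g. an update that only removes members).
                    List<String> newUsersList = attributes == null ? null : attributes.get(ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, null, null, false));
                    List<String> deletedUsersList = attributes == null ? null : attributes.get(ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, null, null, false));
                    if (newUsersList != null) {
                        for (String user : newUsersList) {
                            ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.POST, user);
                            ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                            if (provisionedUserIdentifier != null && provisionedUserIdentifier.getIdentifier() != null) {
                                // This member is already provisioned to this IdP.
                                continue;
                            }
                            Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                            ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.POST, mappedUserClaims);
                            Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                            // NOTE(review): this sets the group's identifier on the user entity, whereas the
                            // de-provisioning loop below sets the user's own; kept unchanged - confirm intent.
                            outboundProEntity.setIdentifier(provisionedIdentifier);
                            outboundProEntity.setJitProvisioning(jitProvisioning);
                            executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                        }
                    }
                    if (deletedUsersList != null) {
                        for (String user : deletedUsersList) {
                            ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, provisioningEntityTenantDomainName, ProvisioningOperation.DELETE, user);
                            ProvisionedIdentifier provisionedUserIdentifier = getProvisionedEntityIdentifier(idPName, connectorType, inboundProvisioningEntity, spTenantDomainName);
                            if (provisionedUserIdentifier == null || provisionedUserIdentifier.getIdentifier() == null) {
                                // Never provisioned to this IdP, so there is nothing to delete there.
                                continue;
                            }
                            Map<ClaimMapping, List<String>> mappedUserClaims = getMappedClaims(inboundClaimDialect, outboundClaimDialect, inboundProvisioningEntity, spClaimMappings, idpClaimMappings, spTenantDomainName);
                            ProvisioningEntity outboundProEntity = new ProvisioningEntity(ProvisioningEntityType.USER, user, ProvisioningOperation.DELETE, mappedUserClaims);
                            Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                            outboundProEntity.setIdentifier(provisionedUserIdentifier);
                            outboundProEntity.setJitProvisioning(jitProvisioning);
                            executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                        }
                    }
                } else {
                    if (!canUserBeProvisioned(provisioningEntity, provisionByRoleList, provisioningEntityTenantDomainName)) {
                        if (!canUserBeDeProvisioned(provisionedIdentifier)) {
                            continue;
                        }
                        // The user was removed from the provisioning role: de-provision instead.
                        provisioningOp = ProvisioningOperation.DELETE;
                    }
                    if (skipOutBoundProvisioning(provisioningOp, provisioningEntity, inboundClaimDialect)) {
                        continue;
                    }
                    ProvisioningEntity outboundProEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), provisioningOp, mapppedClaims);
                    Callable<Boolean> proThread = new ProvisioningThread(outboundProEntity, spTenantDomainName, provisioningEntityTenantDomainName, connector, connectorType, idPName, dao);
                    outboundProEntity.setIdentifier(provisionedIdentifier);
                    outboundProEntity.setJitProvisioning(jitProvisioning);
                    // NOTE(review): the XACML policy gate only guards this branch; the group-member
                    // provisioning above is not policy-checked - confirm that is intended.
                    boolean isAllowed = true;
                    if (entry.getValue().isPolicyEnabled()) {
                        isAllowed = XACMLBasedRuleHandler.getInstance().isAllowedToProvision(spTenantDomainName, provisioningEntity, serviceProvider, idPName, connectorType);
                    }
                    if (isAllowed) {
                        executeOutboundProvisioning(provisioningEntity, executors, connectorType, idPName, proThread, isBlocking);
                    }
                }
            }
        } finally {
            // Shut the pool down on every exit path (normal, early return, exception).
            executors.shutdown();
        }
    } catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException | UserStoreException e) {
        throw new IdentityProvisioningException("Error occurred while checking for user " + "provisioning", e);
    }
}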
Use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.
Class ProvisioningThread, method deleteProvisionedEntityIdentifier.
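/**
 * Removes the persisted provisioned-identifier record of the given entity for the
 * given identity provider and connector.
 *
 * @param idpName            Name of the identity provider the entity was provisioned to.
 * @param connectorType      Type of the outbound provisioning connector.
 * @param provisioningEntity Entity whose provisioned identifier is to be removed.
 * @param tenantDomain       Tenant domain; resolved to a tenant id and also passed through to
 *                           the DAO to scope the delete.
 * @throws IdentityApplicationManagementException if the tenant id cannot be resolved, or if the
 *                                                DAO delete fails.
 */
private void deleteProvisionedEntityIdentifier(String idpName, String connectorType, ProvisioningEntity provisioningEntity, String tenantDomain) throws IdentityApplicationManagementException {
    try {
        int tenantId = IdPManagementUtil.getTenantIdOfDomain(tenantDomain);
        dao.deleteProvisioningEntity(idpName, connectorType, provisioningEntity, tenantId, tenantDomain);
    } catch (UserStoreException e) {
        // Keep the cause so the failing tenant lookup stays diagnosable.
        throw new IdentityApplicationManagementException("Error while deleting provisioning identifier.", e);
    }
}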
Use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.
Class CacheBackedProvisioningMgtDAO, method deleteProvisioningEntity.
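/**
 * Deletes a provisioning entity: any cached copy is evicted first, then the row is removed
 * from the database through the underlying DAO.
 *
 * @param identityProviderName Name of the identity provider the entity was provisioned to.
 * @param connectorType        Type of the outbound provisioning connector.
 * @param provisioningEntity   Entity to delete; its type and name identify it.
 * @param tenantId             Tenant id used for the database delete.
 * @param tenantDomain         Tenant domain used to address the cache.
 * @throws IdentityApplicationManagementException if the database delete fails.
 */
public void deleteProvisioningEntity(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    boolean debug = log.isDebugEnabled();
    // Built once so both debug messages describe the entity identically; skipped when debug is off.
    String entityDescription = debug
            ? "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName()
            : null;
    ProvisioningEntityCacheKey cacheKey = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    ProvisioningEntityCacheEntry entry = provisioningEntityCache.getValueFromCache(cacheKey, tenantDomain);
    if (entry != null) {
        if (debug) {
            log.debug("Cache entry found for Provisioning Entity : " + entityDescription + ". Hence remove from cache");
        }
        provisioningEntityCache.clearCacheEntry(cacheKey, tenantDomain);
    }
    provisioningMgtDAO.deleteProvisioningEntity(identityProviderName, connectorType, provisioningEntity, tenantId);
    if (debug) {
        log.debug("Entry removed from DB for Provisioning Entity : " + entityDescription);
    }
}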
Use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.
Class CacheBackedProvisioningMgtDAO, method getProvisionedIdentifier.
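/**
 * Looks up the identifier under which the given entity was provisioned to an identity
 * provider, consulting the cache first and falling back to the database.
 *
 * <p>A database hit is written back to the cache as a slim entity holding only the entity
 * type, operation and provisioned identifier; the cache key carries the identity.
 *
 * @param identityProviderName Name of the identity provider the entity was provisioned to.
 * @param connectorType        Type of the outbound provisioning connector.
 * @param provisioningEntity   Entity to look up; its type and name identify it.
 * @param tenantId             Tenant id used for the database lookup.
 * @param tenantDomain         Tenant domain used to address the cache.
 * @return the provisioned identifier, or {@code null} if found in neither cache nor database.
 * @throws IdentityApplicationManagementException if the database lookup fails.
 */
public ProvisionedIdentifier getProvisionedIdentifier(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    boolean debug = log.isDebugEnabled();
    // Built once so every debug message describes the entity identically; skipped when debug is off.
    String entityDescription = debug
            ? "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName()
            : null;
    ProvisioningEntityCacheKey cacheKey = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    ProvisioningEntityCacheEntry entry = provisioningEntityCache.getValueFromCache(cacheKey, tenantDomain);
    if (entry != null) {
        if (debug) {
            log.debug("Cache entry found for Provisioning Entity : " + entityDescription);
        }
        return entry.getProvisioningEntity().getIdentifier();
    }
    if (debug) {
        log.debug("Cache entry not found for Provisioning Entity : " + entityDescription + ". Fetching entity from DB");
    }
    ProvisionedIdentifier provisionedIdentifier = provisioningMgtDAO.getProvisionedIdentifier(identityProviderName, connectorType, provisioningEntity, tenantId);
    if (provisionedIdentifier == null) {
        if (debug) {
            log.debug("Entry for Provisioning Entity : " + entityDescription + " not found in cache or DB");
        }
        return null;
    }
    if (debug) {
        log.debug("Entry fetched from DB for Provisioning Entity : " + entityDescription + ". Updating cache");
    }
    // Cache only what a later lookup needs: the identifier, keyed by the cache key above.
    ProvisioningEntity cachedProvisioningEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getOperation());
    cachedProvisioningEntity.setIdentifier(provisionedIdentifier);
    ProvisioningEntityCacheEntry newEntry = new ProvisioningEntityCacheEntry();
    newEntry.setProvisioningEntity(cachedProvisioningEntity);
    provisioningEntityCache.addToCache(cacheKey, newEntry, tenantDomain);
    return provisionedIdentifier;
}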
Use of org.wso2.carbon.identity.provisioning.ProvisioningEntity in project carbon-identity-framework by wso2.
Class CacheBackedProvisioningMgtDAO, method addProvisioningEntity.
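/**
 * Persists a newly provisioned entity through the underlying DAO and caches a slim copy
 * (entity type, operation and provisioned identifier) under the entity's cache key.
 *
 * <p>The debug log no longer dereferences {@code getIdentifier().getIdentifier()} blindly:
 * an entity without an identifier is logged with a {@code null} identifier instead of
 * failing with a {@code NullPointerException} only when debug logging is enabled.
 *
 * @param identityProviderName Name of the identity provider the entity was provisioned to.
 * @param connectorType        Type of the outbound provisioning connector.
 * @param provisioningEntity   Entity that was provisioned; its identifier is what gets cached.
 * @param tenantId             Tenant id used for the database insert.
 * @param tenantDomain         Tenant domain used to address the cache.
 * @throws IdentityApplicationManagementException if the database insert fails.
 */
public void addProvisioningEntity(String identityProviderName, String connectorType, ProvisioningEntity provisioningEntity, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
    provisioningMgtDAO.addProvisioningEntity(identityProviderName, connectorType, provisioningEntity, tenantId);
    ProvisionedIdentifier provisionedIdentifier = provisioningEntity.getIdentifier();
    if (log.isDebugEnabled()) {
        // Guarded: the identifier may be absent, and logging must not be the thing that fails.
        String identifierValue = provisionedIdentifier == null ? null : provisionedIdentifier.getIdentifier();
        log.debug("Caching newly added Provisioning Entity : " + "identityProviderName=" + identityProviderName + "&& connectorType=" + connectorType + "&& provisioningEntityType=" + provisioningEntity.getEntityType() + "&& provisioningEntityName=" + provisioningEntity.getEntityName() + "&& provisioningIdentifier=" + identifierValue);
    }
    ProvisioningEntityCacheKey cacheKey = new ProvisioningEntityCacheKey(identityProviderName, connectorType, provisioningEntity);
    // Cache only what a later lookup needs: the identifier, keyed by the cache key above.
    ProvisioningEntity cachedProvisioningEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getOperation());
    cachedProvisioningEntity.setIdentifier(provisionedIdentifier);
    ProvisioningEntityCacheEntry entry = new ProvisioningEntityCacheEntry();
    entry.setProvisioningEntity(cachedProvisioningEntity);
    provisioningEntityCache.addToCache(cacheKey, entry, tenantDomain);
}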